mirror of https://github.com/zcash/zips.git
Remove the claim that Discrete Logarithm Independence is stronger than collision resistance of GroupHash.
(That's not clearly true, and it's irrelevant.)

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent 8d19a94716
commit 092e6092ef
|
@ -3862,8 +3862,7 @@ not return $\bot$) as a random oracle.
|
||||||
\item Under the Discrete Logarithm assumption on $\SubgroupG{}$, a random oracle almost surely satisfies
|
\item Under the Discrete Logarithm assumption on $\SubgroupG{}$, a random oracle almost surely satisfies
|
||||||
Discrete Logarithm Independence. Discrete Logarithm Independence implies \collisionResistance\!,
|
Discrete Logarithm Independence. Discrete Logarithm Independence implies \collisionResistance\!,
|
||||||
since a collision $(m_1, m_2)$ for $\GroupGHash{\URS}$ trivially gives a
|
since a collision $(m_1, m_2)$ for $\GroupGHash{\URS}$ trivially gives a
|
||||||
discrete logarithm relation with $x_1 = 1$ and $x_2 = -1$. It is in fact
|
discrete logarithm relation with $x_1 = 1$ and $x_2 = -1$.
|
||||||
stronger than \collisionResistance\!.
|
|
||||||
\item $\GroupJHash{}$ is also used to instantiate $\DiversifyHash$ in \crossref{concretediversifyhash}.
|
\item $\GroupJHash{}$ is also used to instantiate $\DiversifyHash$ in \crossref{concretediversifyhash}.
|
||||||
We do not know how to prove the Unlinkability property defined in that section
|
We do not know how to prove the Unlinkability property defined in that section
|
||||||
in the standard model, but in a model where $\GroupJHash{}$ (restricted to
|
in the standard model, but in a model where $\GroupJHash{}$ (restricted to
|
||||||
|
|
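Review bot: In the first \item, the retained sentence that now closes the item ("discrete logarithm relation with $x_1 = 1$ and $x_2 = -1$.") only gives a non-trivial relation when the collision has $m_1 \neq m_2$; consider saying "a collision $(m_1, m_2)$ with $m_1 \neq m_2$" so the implication to \collisionResistance reads as self-contained. Dropping the "It is in fact stronger than \collisionResistance\!." sentence leaves just the one-directional implication that the preceding lines argue for, which matches the commit message. Only this hunk is visible, so please also confirm that no other passage of the document refers back to the removed "stronger than" claim.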